Releases: DataBoar/data-boar
Release list
Data Boar 1.7.4 GA (xkcd 2¹⁰)
Release 1.7.4
Status: Released (2026-06-26) — merge via PR #1024 (xkcd 2¹⁰); tag v1.7.4, GitHub Release, and Docker Hub publish follow operator release-ritual post-merge. #970 = premature stable attempt without gate — does not VOID this release (ADR-0072, ADR-0073). maturity_build = 201 side-channel (#976).
Public version: 1.7.4 · ADR-0073 Accepted · release gate #406 closed in this train.
Historic RC ladder: 1.7.4-rc.md · 1.7.4-rc-2 working line before this GA.
Highlights
- Maestro Linux-port (gate #704):
Handle-LicensingMatrix.ps1now runs correctly on pwsh-Linux —-WindowStyle Hiddenguarded by$IsWindows;Start-Processwrapped intry/catchto propagate spawn failures; locale-independent redirect detection via HTTP status code (#827, #818, #820). - Licensing matrix enforced (community / pro / enterprise):
Stop-MatrixApiProcesscross-platform; no port collision between tiers on Linux (#820). - Completão smoke gate machine-verifiable: all 10 handlers write
/tmp/databoar_handler/<persona>_sentinel.txtwith the actual bash exit code;Wait-HandlerSentinel.ps1polls and aggregates real pass/fail (#831). - Safe
tmuxpayload injection: base64-encoded payloads +-Refallowlist in all 10 handlers — eliminates shell-quoting injection risks (#830). - Security hardening (#825):
hmac.compare_digestfor API key and MAC comparison (timing-safe); Chart.js vendored (api/static/), CSPscript-src 'self'; rsync excludes.env/.env.*;Maestro.ps1exits non-zero on real handler failures. - 5th lab host registered: alpine emachines E527 added to manifest and documentation (#821).
- Maestro / completão Deep smoke:
lab-completao-host-smoke.shaccepts--bench-config PATH; Docker, Podman, Swarm, LXD, and MicroK8s handlers pass--bench-configbefore--lab-stack-up(#404, #408).
Unreleased changelog source (dense / pre-move from root CHANGELOG)
The root CHANGELOG.md Unreleased section follows Keep a Changelog categories for scanability; this subsection retains the older long-form bullets for operators who need paths, rollback hints, and cross-links in one place.
- Config redaction:
config/redact_config.pyuses substring key matching (withtoken_urlallowlist) so compound keys liketelegram_bot_tokenandfile_passwordsredact on GET/config— #622. - Man page (
data_boar.5): documentlocaleblock and unifiedpatterns_plugin_filesection — #444, #431. - Issue queue / PMO: refresh
PLANS_TODO.mdtriage snapshot (135 open, head-of-queue P1 man + #483; P0 only #606 product scope). - Governance docs: Contributor Covenant 2.1 in
CODE_OF_CONDUCT(+ pt-BR); refreshTERMS_OF_USEandPRIVACY_POLICY(+ pt-BR) for 1.7.4-rc, tier matrix cross-links, optional dashboard auth, and maturity-assessment local storage — closes #419, #423, #424. - Legacy DB module filename:
db/databasse.pyrenamed todb/database.pyso filesystem paths matchsonar-project.propertiesexclusions and operator mental model (GitHub #488). - Release candidate (working line): bump
1.7.4-rconmain(pyproject.toml, man.TH, hybrid lab image defaults, PUBLISHED_SYNC reconciliation); draft GitHub pre-release checklist indocs/releases/1.7.4-rc.md— no Docker Hublatestmove until1.7.4final. - Maestro / completão (Deep benchmark argv):
scripts/lab-completao-host-smoke.shparses--bench-config; container handlers (Docker, Podman, Swarm, LXD, MicroK8s) pass that flag before--lab-stack-upso Deep smoke no longer hitsexit 2on unknown args (issues #404, #408). Draft stable checklist:docs/releases/1.7.4.md. - Lab lessons public archive:
docs/ops/lab_lessons_learned/dated snapshots + hubLAB_LESSONS_LEARNED.mdcontract (ADR 0042); situational.cursor/rules/lab-lessons-learned-archive.mdc; session tokenlab-lessonsinsession-mode-keywords.mdc; cold-start ladder, policy hubs,LAB_COMPLETAO_RUNBOOK,PLANS_TODOIntegration row, and phase-2 situationalization inventory updated. - SQL sampling (SRE + audit posture): Shared builders in
connectors/sql_sampling(tagged SQL, dialect hints),connectors/sql_table_row_estimatefor metadata-first row caps, optional per-statement timeouts andinter_query_delay_msonSQLConnector/ Snowflake,core/sampling_policyfor YAML overrides, and filesystem SQLite path integration. See ADR 0043 and PLAN_SQL_SAMPLING_SRE_AND_AUDIT_EVIDENCE.md. - Lab hybrid completão:
scripts/lab-completao-orchestrate-hybrid-v173.ps1resolvessshHost+ firstrepoPathsfrom the lab manifest; LAB-NODE-02 scan dir prefers/home/leitao/Documentsthen/home/leitao/documents; LAB-NODE-01 / LAB-NODE-03 / lab-node-02 usetmux send-keys -t completaowhen that session exists, elsessh … bash -lcpodman/docker; LAB-NODE-04 passive uses the repo clone path for.venv; imagefabioleitao/data_boar:1.7.3. - Docs / quality gates:
docs/TESTING_POC_GUIDE.mdanddocs/TROUBLESHOOTING_MATRIX.md— unique pseudo-headings (MD024);.cursor/rules/public-tracked-pii-zero-tolerance.mdc— LinkedIn placeholder uses<placeholder-slug>sotests/test_pii_guard.pydoes not treat the comma-terminated/in/examplesample as a real slug. - Developer ergonomics (Windows / PowerShell):
CONTRIBUTING(EN + pt-BR) documents correctActivate.ps1venv activation and the not recognized failure when invokingScripts\activatewithout.ps1;tests/test_pwsh_venv_activate_docs.pyguards tracked.md/.mdcfrom reintroducing the bad.venv…Scripts…activatepath pattern. - Ops docs:
docs/ops/CURSOR_RULES_PHASE2_SITUATIONALIZATION.md(+ pt-BR) — Tier A inventory, Tier B/C backlog, why locale +docker-local-smoke-cleanupstay strongly always-on, pros/cons, and a 13-step reproducible ritual for the next situationalization batch (token-aware follow-up). - Cursor rules (phase 2 — plans / Sonar MCP / study cadence):
plans-status-pl-sync.mdc,plans-archive-on-completion.mdc,sonarqube_mcp_instructions.mdc, andstudy-cadence-reminders.mdcare situational (alwaysApply: false) with narrowglobs; session tokenssonar-mcp/study-check(and scope tokensdocs/feature/houseclean/backlogfor plan drift) plus@…latches bind them in fresh threads —docker-local-smoke-cleanup.mdcstaysalwaysApply: true(short, high-frequency smoke/prune guidance; release sequencing is already situational). Cold-start ladder (EN/pt-BR),session-mode-keywords,AGENTS.md,CURSOR_AGENT_POLICY_HUB, andOPERATOR_SESSION_SHORTHANDSupdated. Rollback:git revertthe commit or restore the four rules fromgit show <parent>:.cursor/rules/<name>.mdc. - Cursor rules (phase 2 — release publish sequencing):
release-publish-sequencing.mdcis situational (alwaysApply: false) with narrowglobsonVERSIONING,docs/releases/**, Docker Hub / image order /PUBLISHED_SYNC,scripts/docker-lab-build.ps1,docker-prune-local.ps1,scripts/docker/README.md, anddocker-smoke-container-hygieneskill; session tokenrelease-ritualand@release-publish-sequencing.mdcbind it in fresh threads —docker-local-smoke-cleanup.mdcstaysalwaysApply: true. Cold-start ladder (EN/pt-BR),session-mode-keywords,AGENTS.md,VERSIONING(+.pt_BR.md),CURSOR_AGENT_POLICY_HUB,OPERATOR_SESSION_SHORTHANDS, anddocker-local-smoke-cleanupcross-links updated. Rollback:git revertthe commit orgit show <parent>:.cursor/rules/release-publish-sequencing.mdc. - Cursor rules (phase 2 — Everything /
es-find):everything-es-cli.mdcis situational (alwaysApply: false) with narrowglobsonscripts/es-find.ps1,EVERYTHING_ES_*,WINDOWS_FAST_CLI_WRAPPERS.*, andeverything-es-searchskill; session tokenes-findand@everything-es-cli.mdcbind it in fresh threads —windows-pcloud-drive-search-discipline.mdcstaysalwaysApply: trueforP:/ huge-tree discipline. Cold-start ladder (EN/pt-BR),session-mode-keywords,AGENTS.md,CURSOR_AGENT_POLICY_HUB,OPERATOR_SESSION_SHORTHANDS, andwindows-pcloud-drive-search-disciplinecross-links updated. - Cursor rules (phase 2 —
docs/private/workspace cues):docs-private-workspace-context.mdcis situational (alwaysApply: false) withglobsonPRIVATE_OPERATOR_NOTES,AGENTS.md,docs/private.example/**,PRIVATE_STACK_SYNC_RITUAL,PRIVATE_LOCAL_VERSIONING, and **`s...
v1.7.4-rc (pre-release)
Pre-release 1.7.4-rc / tag v1.7.4-rc (candidate — not stable Docker marketing)
Kind: GitHub pre-release (non-production) — use the Set as a pre-release checkbox in the web UI, or gh release create … --prerelease.
Working version string: 1.7.4-rc in pyproject.toml (PEP 440: 1.7.4rc1 when normalized by tooling).
Published stable baseline (unchanged for customers): 1.7.3 / Git tag v1.7.3 / Docker fabioleitao/data_boar:1.7.3 + latest until 1.7.4 final publish per VERSIONING.md and release-publish-sequencing (situational rule).
Intent
- Signal release-candidate readiness for
1.7.4onmain(docs/tests/orchestration alignment) without treating1.7.4-rcas the consumerlateston Docker Hub. - Keep Hub marketing copy refresh (
docs/ops/DOCKER_HUB_REPOSITORY_DESCRIPTION.md) aligned to stable semver publishes unless you explicitly advertise an RC image.
GitHub Release (pre-release)
After the version bump commit is on main:
git tag -a v1.7.4-rc -m "v1.7.4-rc: pre-release candidate"
git push origin main
git push origin v1.7.4-rc
gh release create v1.7.4-rc --prerelease --title "v1.7.4-rc (pre-release)" --notes-file docs/releases/1.7.4-rc.mdWeb UI parity: enable Set as a pre-release; disable Set as the latest release so v1.7.3 remains the Latest stable pointer.
Verify:
gh release view v1.7.4-rc --json isPrerelease,name,urlDocker (optional lab tag only)
Default posture for this milestone: do not publish fabioleitao/data_boar:1.7.4-rc to Docker Hub unless you intentionally want a pullable RC. If you do, still treat it as pre-release in communications and keep latest on 1.7.3 until 1.7.4 final.
After v1.7.4-rc (toward 1.7.4)
- Finish validation (CI green, operator lab evidence, release notes for
1.7.4). - Bump
pyproject.tomlto1.7.4(final, no suffix) on the commit you will tag. - Follow stable publish order:
v1.7.4tag → GitHub Release (not pre-release) → Docker1.7.4+latest→ refresh PUBLISHED_SYNC (+ pt-BR).
v1.7.3: Stable Baseline
Standard release following the 1.7.2-safe security milestone.
Full Changelog: v1.7.1...v1.7.3
v1.7.2-safe: The Clean Slate
Changelog
Human-readable summary of user-facing changes. Detailed release notes: docs/releases/ (full checklists, Docker publish commands, GitHub Release text).
Unreleased (main)
- Next working line:
1.7.3-beta(or next planned pre-release) onmainper VERSIONING.md after publish choreography (maintainers: release-publish-sequencing rule in-repo).
1.7.2+safe (2026-04-22) — Security & Sanitization (Golden / Clean Slate)
Distribution milestone. Package version 1.7.2+safe is PEP 440 (local segment safe); Git and Docker Hub use tag v1.7.2-safe for parity with the validated slim image.
- Sanitized publish surface: Docker Hub now standardises on
fabioleitao/data_boar:v1.7.2-safeandlatest(single digest); all prior Hub tags for this repository were removed — do not pin deprecated tags in runbooks. - Git / history narrative: Positions the repo after PII-sensitive history remediation; external consumers should clone from
v1.7.2-safeonward for the clean baseline story. - Feature baseline: Same application line as 1.7.1 plus subsequent
maindevelopment (WebAuthn phases, RBAC #86 Phase 2, data-soup Tier 1 + stego hints, etc.); see 1.7.1 below for feature notes. Full operator checklist: docs/releases/1.7.2-safe.md.
Carryover (was 1.7.2-beta on main before this tag)
- Dashboard auth (Phase 1a — WebAuthn JSON core): Optional
api.webauthn+DATA_BOAR_WEBAUTHN_TOKEN_SECRET— ADR 0033,tests/test_webauthn_rp.py,scripts/smoke-webauthn-json.ps1+ SMOKE_WEBAUTHN_JSON.md. Default disabled. - Dashboard auth (Phase 1b — HTML session + CSRF minimal): WebAuthn session + CSRF on gated routes —
tests/test_webauthn_html_gate.py,tests/test_html_csrf.py. - Dashboard RBAC (Phase 2 — GitHub #86): Optional
api.rbac.enabled—tests/test_rbac.py. Phase 3 (enterprise SSO/OIDC) remains future work. - Filesystem “data soup” Tier 1 + stego hints:
SUPPORTED_EXTENSIONS+file_scan.scan_for_stego/ CLI--scan-stego; import fix inconnectors/filesystem_connector._read_text_sampleforRICH_MEDIA_SCAN_EXTENSIONS.
1.7.1 (2026-04-21)
- Scope import (CSV):
scripts/scope_import_csv.py+config/scope_import_csv.pyemit a YAMLtargetsfragment from a canonical CSV for operator review and merge; see USAGE.md,deploy/scope_import.example.csv, docs/ops/SCOPE_IMPORT_QUICKSTART.md, PLAN_SCOPE_IMPORT_FROM_EXPORTS.md. - Ops (maturity POC): docs/ops/SMOKE_MATURITY_ASSESSMENT_POC.md (+ pt-BR) documents autonomous pytest smoke (
scripts/smoke-maturity-assessment-poc.ps1) and manual browser/integrity steps for the POC ready checklist; indexed from docs/ops/README.md. - Dashboard (maturity POC):
GET /{locale}/assessmentshows a recent submissions table (per batch, newest first) when the SQLite DB has stored answers; links reuse the post-submit summary URL and CSV export. Documented in ADR 0032. Per-tenant RBAC for this list remains #86 follow-up. - Licensing / maturity POC: API tests assert
licensing.mode: enforced+ JWTdbtier(community vs pro) gates/{locale}/assessment(and export) consistent with YAMLeffective_tieroverride — seetests/test_api_assessment_poc.py(test_assessment_enforced_jwt_dbtier_*).
1.7.0 (2026-04-17)
- Minor release: detector format hints (REST JSON scalars, email/UUID
VARCHARhints), HEIC / Apple images when optional deps are present; reporting/security fixes (heatmap path guard, report import hygiene). - Compliance & docs: GLOSSARY and COMPLIANCE_AND_LEGAL expanded (US healthcare adjacency, Wabbix/WRB, VBA disambiguation, minors/criminal-record context — not legal conclusions); alignment with ADR 0025 evidence positioning.
- Repository: PII guards, CI/deps, Semgrep/Bandit posture; operator Ansible/homelab scripts and runbooks (see docs/releases/1.7.0.md for full checklist).
1.6.8 (2026-04-02)
- Ops automation: added reusable token-aware wrappers for session bootstrap, progress snapshots, and external review package generation (
scripts/auto-mode-session-pack.ps1,scripts/progress-snapshot.ps1,scripts/external-review-pack.ps1). - Review reliability: hardened Gemini bundle verification logic to avoid false mismatches when marker-like text appears inside documentation examples (
scripts/export_public_gemini_bundle.py). - Runbooks and governance: expanded today/next-day/carryover discipline, reinforced Wabbix/Gemini source-of-truth framing, and added Time Machine USB recovery and repurpose playbook for urgent storage/backup recovery.
- Hardening and lab-op docs: integrated LMDE/T14 and Ansible hardening baselines, validation checklists, and CAPEX/OPEX planning outputs aligned to current roadmap.
1.6.7 (2026-03-25)
- Removed legacy
run.py. Usepython main.pyonly, with the correct bind flags (--host,api.host,API_HOST) and dashboard transport (--https-cert-file/--https-key-file, or--allow-insecure-http/api.allow_insecure_http). See docs/releases/1.6.7.md and docs/USAGE.md. - Docs / tooling:
docs/USAGE.md(+ pt-BR),sonar-project.properties,docs/plans/completed/NEXT_STEPS.mdupdated accordingly.
Earlier versions
See docs/releases/ (e.g. 1.6.6.md, 1.6.5.md, …).
Full Changelog: v1.7.1...v1.7.2-safe
1.7.1
Release 1.7.1
Release date: 2026-04-21 (publish).
Version string: 1.7.1 — build bump from 1.7.0 (VERSIONING.md): scope import from CSV, maturity POC operator smoke path, and licensing/assessment test hardening.
Highlights
- Scope import (CSV):
scripts/scope_import_csv.py+config/scope_import_csv.pyemit a YAMLtargetsfragment from a canonical CSV for review and merge; USAGE.md,deploy/scope_import.example.csv, SCOPE_IMPORT_QUICKSTART.md (EN + pt-BR). - Maturity self-assessment POC: Operator runbook SMOKE_MATURITY_ASSESSMENT_POC.md +
scripts/smoke-maturity-assessment-poc.ps1; recent batches table and export paths documented (ADR 0032). - Licensing / assessment: API tests for
licensing.mode: enforced+ JWTdbtiergating/{locale}/assessment(community vs pro) — seetests/test_api_assessment_poc.py.
Changes since 1.7.0
- Non-breaking config/operator additions; no intentional breaking API/config contract changes — validate custom configs as usual after upgrade.
Bump type
| From | To | Rule (VERSIONING.md) |
|---|---|---|
| 1.7.0 | 1.7.1 | Build — patch-style bundle on same minor |
How to get 1.7.1
- From source:
uv syncat1.7.1onmain(or install from Git tagv1.7.1). - Docker:
docker pull fabioleitao/data_boar:1.7.1(andlatestafter Hub publish).
Build and push Docker image
From repo root, on main at 1.7.1 (first commit of the release PR, before the 1.7.2-beta bump), after tests pass:
.\scripts\check-all.ps1
.\scripts\docker-lab-build.ps1
docker login
docker tag data_boar:lab fabioleitao/data_boar:1.7.1
docker tag data_boar:lab fabioleitao/data_boar:latest
docker push fabioleitao/data_boar:1.7.1
docker push fabioleitao/data_boar:latestPaste Short + Full repository description from docs/ops/DOCKER_HUB_REPOSITORY_DESCRIPTION.md into Docker Hub Edit after push.
Publish (tag + GitHub Release)
After the 1.7.1 version bump is on main (tag the commit that still has version = "1.7.1" in pyproject.toml, not the follow-up 1.7.2-beta commit):
git pull origin main
git log --oneline -5
# identify SHA of chore(release): 1.7.1 commit
git tag v1.7.1 <SHA>
git push origin v1.7.1
gh release create v1.7.1 --notes-file docs/releases/1.7.1.md --title "1.7.1"After publish: verify
- GitHub: Release v1.7.1 and tag point to the
1.7.1commit. - Docker Hub: Tags
1.7.1andlatestpullable; repository description matches this repo. - README (EN + pt-BR): Current release = 1.7.1 (published); working tree may show
1.7.2-betaonmainafter the development bump. - Published sync:
docs/ops/today-mode/PUBLISHED_SYNC.md+.pt_BR.mdupdated. - Optional:
docker scout quickview fabioleitao/data_boar:1.7.1.
What's Changed
- docs: legal pt-BR, licensing tiers ADR 0027, README pitch, today-mode eod by @FabioLeitao in #190
- chore(deps): S0 trust burst — pip lock, Actions SHAs by @FabioLeitao in #195
- docs: Data Boar branding + legacy PyPI install identity by @FabioLeitao in #197
- docs(ops): lab completão — SSHFS, WebDAV, iSCSI patterns by @FabioLeitao in #198
- chore: PyPI distribution id data-boar (complete rename vs #197) by @FabioLeitao in #199
- docs(workflow): morning readiness ladder in day ritual by @FabioLeitao in #201
- deps(pip): bump the pip-minor-patch group across 1 directory with 22 updates by @dependabot[bot] in #200
- test(workflow): dependency lock/export guards + ADR 0030 closure docs by @FabioLeitao in #202
- docs(cursor): agent session ritual (sync main + private stack) by @FabioLeitao in #203
- docs(cursor): PR/merge only when slice warrants it by @FabioLeitao in #204
- feat(maturity): GRC self-assessment POC, plan archive, lab JWT by @FabioLeitao in #207
- feat(api): maturity rubric scoring, CSV/MD export, and plan sequencing by @FabioLeitao in #208
- feat(config): scope import CSV to YAML targets fragment by @FabioLeitao in #209
Full Changelog: v1.7.0...v1.7.1
1.7.0
Release 1.7.0
Release date: 2026-04-17 (planned publish).
Version string: 1.7.0 — minor bump from 1.6.8 (VERSIONING.md): detector and compliance documentation advances, security hardening, and operator tooling accumulated on main.
Highlights
- Detector (format intelligence): REST JSON scalar types for connector format hints; extended email
VARCHARlength hints; UUID-shapedVARCHARhints; HEIC / Apple image path withpillow-heifand magic-byte routing where enabled. - Reporting / security: Heatmap embed path guard; import hygiene in report generator; ongoing CodeQL / PII-guard alignment for public-tree safety.
- Compliance & glossary: Expanded GLOSSARY (EN + pt-BR): Stark Law, HCP, CPML context, HHS vs HSS, minor data and risk, Wabbix/WRB, VBA (value-based agreement vs Office VBA); COMPLIANCE_AND_LEGAL positioning (PEP/KYC, criminal-record context, joint delivery, HIPAA adjacency).
- Repository hygiene: PII history guards, pre-commit alignment, Dependabot merges, CI Action pins, Semgrep/Bandit posture; extensive ops / Ansible / homelab scripts (operator-facing; does not change core scanner contract alone).
Changes since 1.6.8
- Minor-feature track for connector-driven format hints and richer file-type coverage (HEIC).
- Non-breaking security and documentation updates; no intentional breaking API/config changes — validate custom configs as usual after upgrade.
Bump type
| From | To | Rule (VERSIONING.md) |
|---|---|---|
| 1.6.8 | 1.7.0 | Minor — new backward-compatible capabilities |
How to get 1.7.0
- From source:
uv syncat1.7.0onmain. - Docker:
docker pull fabioleitao/data_boar:1.7.0(and optionally:latestafter Hub publish).
Build and push Docker image
From repo root, on main at 1.7.0, after tests pass:
.\scripts\check-all.ps1
.\scripts\docker-lab-build.ps1
docker login
docker tag data_boar:lab fabioleitao/data_boar:1.7.0
docker tag data_boar:lab fabioleitao/data_boar:latest
docker push fabioleitao/data_boar:1.7.0
docker push fabioleitao/data_boar:latestPaste Short + Full repository description from docs/ops/DOCKER_HUB_REPOSITORY_DESCRIPTION.md into Docker Hub Edit after push.
Publish (tag + GitHub Release)
After this version is on main:
git pull origin main
git tag v1.7.0
git push origin v1.7.0
gh release create v1.7.0 --notes-file docs/releases/1.7.0.md --title "1.7.0"After publish: verify
- GitHub: Release v1.7.0 and tag point to the intended commit.
- Docker Hub: Tags
1.7.0andlatestavailable and pullable; repository description matches this repo (no stale semver). - README (EN + pt-BR): “Current release” = 1.7.0.
- Published sync:
docs/ops/today-mode/PUBLISHED_SYNC.md+.pt_BR.mdupdated. - Optional:
docker scout quickview fabioleitao/data_boar:1.7.0— base-image CVEs may remain no-fix until Debianpython:*-slimrefresh (document exceptions as needed).
What's Changed
- docs(ops): PII public tree guide, pytest guard, PII tooling by @FabioLeitao in #175
- fix(security): redact public today-mode and PII guide placeholders by @FabioLeitao in #176
- chore(deps): bump cryptography from 46.0.6 to 46.0.7 in the uv group across 1 directory by @dependabot[bot] in #177
- chore: operator workflow sync (cursor, scripts, docs, guards) by @FabioLeitao in #178
- ci(actions): bump actions/upload-artifact from 7.0.0 to 7.0.1 by @dependabot[bot] in #179
- ci(actions): bump astral-sh/setup-uv from 94527f2e458b27549849d47d273a16bec83a01e9 to 37802adc94f370d6bfd71619e3f0bf239e1f3b78 by @dependabot[bot] in #180
- deps(pip): bump the pip-minor-patch group with 13 updates by @dependabot[bot] in #181
- deps(pip): bump starlette from 0.52.1 to 1.0.0 by @dependabot[bot] in #182
- deps(pip): bump types-pyyaml from 6.0.12.20250915 to 6.0.12.20260408 by @dependabot[bot] in #183
- chore(deps): bump pypdf from 6.9.2 to 6.10.0 in the uv group across 1 directory by @dependabot[bot] in #184
- chore(deps): bump pillow from 12.1.1 to 12.2.0 in the uv group across 1 directory by @dependabot[bot] in #185
- chore(deps): bump pytest from 9.0.2 to 9.0.3 in the uv group across 1 directory by @dependabot[bot] in #186
- chore(deps): bump pypdf from 6.10.0 to 6.10.1 in the uv group across 1 directory by @dependabot[bot] in #187
- chore(deps): bump python-multipart from 0.0.22 to 0.0.26 in the uv group across 1 directory by @dependabot[bot] in #188
Full Changelog: v1.6.8...v1.7.0
1.6.8
Release 1.6.8
Release date: 2026-04-02 (published).
Version string: 1.6.8 published as Git tag + GitHub Release + Docker Hub tag, aligned with VERSIONING.md.
Highlights
- Token-aware ops pack: new wrappers for reproducible session flow with lower cognitive load and lower token overhead:
scripts/auto-mode-session-pack.ps1scripts/progress-snapshot.ps1scripts/external-review-pack.ps1
- Gemini bundle integrity fix:
scripts/export_public_gemini_bundle.py --verifynow validates sequentially and avoids false mismatches caused by marker-like content in docs examples. - Storage urgency support: added Time Machine USB recovery + repurpose runbooks (EN + pt-BR) for P0 backup workflows:
docs/ops/TIME_MACHINE_USB_RECOVERY_AND_REPURPOSE.mddocs/ops/TIME_MACHINE_USB_RECOVERY_AND_REPURPOSE.pt_BR.md
- Ops discipline and roadmap continuity: updated two-week execution plan, next-day checklist, and carryover queues with release gate, external review loops (WRB/Gemini), and anti-chaos rituals.
Changes since 1.6.7
- Expanded ops/runbook surface for token-aware automation and release safety.
- Added concrete founder/profile guidance in private commercial docs (LinkedIn/ATS, public-safe evidence narrative).
- Added or refined CAPEX/OPEX, governance, and decision-maker documentation slices linked to current planning fronts.
Bump type
| From | To | Rule (VERSIONING.md) |
|---|---|---|
| 1.6.7 | 1.6.8 | Build (patch) — same major/minor, +1 build |
How to get 1.6.8
- From source:
uv syncat1.6.8onmain. - Docker:
docker pull fabioleitao/data_boar:1.6.8(and optionally:latest).
Build and push Docker image
From repo root, on main at 1.6.8, after tests pass:
.\scripts\check-all.ps1
.\scripts\docker-lab-build.ps1
docker login
docker tag data_boar:lab fabioleitao/data_boar:1.6.8
docker tag data_boar:lab fabioleitao/data_boar:latest
docker push fabioleitao/data_boar:1.6.8
docker push fabioleitao/data_boar:latestPublish (tag + GitHub Release)
After this version is on main:
git pull origin main
git tag v1.6.8
git push origin v1.6.8
gh release create v1.6.8 --notes-file docs/releases/1.6.8.md --title "1.6.8"After publish: verify
- GitHub: Release v1.6.8 and tag point to the intended commit.
- Docker Hub: Tags
1.6.8andlatestavailable and pullable. - README (EN + pt-BR): “Current release” = 1.6.8.
- Published sync:
docs/ops/today-mode/PUBLISHED_SYNC.md+.pt_BR.mdupdated.
Full Changelog: v1.6.7...v1.6.8
1.6.7
Release 1.6.7
Release date: 2026-03-26 (published).
Version string: 1.6.7 published as Git tag + GitHub Release + Docker Hub tag, aligned with VERSIONING.md.
Highlights
- CLI: Removed legacy
run.py. The supported entry point ispython main.py(oruv run python main.py) for one-shot audits and--web. - Migration (required if you still used
run.py): - Bind:
main.pyresolves host via--host, thenapi.host, thenAPI_HOST, then default127.0.0.1. The old wrapper forced0.0.0.0for--web— replicate explicitly with--host 0.0.0.0or environment/config if you need that behavior. - Transport:
main.py --webrequires TLS (--https-cert-fileand--https-key-file, orapi.https_cert_file/api.https_key_file) or explicit plaintext--allow-insecure-http/api.allow_insecure_http: true. The default Docker imageCMDalready includes--allow-insecure-httpfor labs without mounted certs. - Docs / quality:
docs/USAGE.md(+ pt-BR),sonar-project.properties, completed-plan history (NEXT_STEPS.md); rootCHANGELOG.mdadded for quick scanning.
Changes since 1.6.6
- Delete
run.py; align Sonar sources and operator docs. - Patch build
1.6.6→1.6.7per VERSIONING checklist. - Audit export:
--export-audit-trailnow includesdashboard_transportposture in the JSON payload.
Bump type
| From | To | Rule (VERSIONING.md) |
|---|---|---|
| 1.6.6 | 1.6.7 | Build (patch) — same major/minor, +1 build |
How to get 1.6.7
- From source:
uv syncat1.6.7onmain. - Docker: after Hub publish:
docker pull fabioleitao/data_boar:1.6.7or:latestif built from this tag.
Build and push Docker image
From repo root, on main at 1.6.7, after tests pass:
.\scripts\check-all.ps1
.\scripts\docker-lab-build.ps1
docker login
.\scripts\docker-hub-publish.ps1 -SkipBuildPublish (tag + GitHub Release)
After this version is on main:
git pull origin main
git tag v1.6.7
git push origin v1.6.7
gh release create v1.6.7 --notes-file docs/releases/1.6.7.md --title "1.6.7"After publish: verify
- GitHub: Release v1.6.7 and tag point to the intended commit.
- Docker Hub: Tags
1.6.7andlatest(if used) — quick smoke. - README (EN + pt-BR): “Current release” = 1.6.7.
- Maintenance:
.\scripts\maintenance-check.ps1;docker scout quickview fabioleitao/data_boar:1.6.7as needed.
Full Changelog: v1.6.6...v1.6.7
1.6.6
Release 1.6.6
Release date: 2026-03-25
Publish state: 2026-03-25 — Git tag v1.6.6, GitHub Release, and Docker Hub tags 1.6.6 + latest published from main at this version (see § Publish for reproducible commands).
Version string: 1.6.6 across pyproject.toml, core/about.py fallback, man pages (docs/data_boar.1, docs/data_boar.5), deploy/Docker examples, and README “Current release” (VERSIONING.md).
Highlights
- Dependencies:
requests>=2.33.0to address CVE-2026-25645 (refreshuv.lock+requirements.txt).pip-auditmay still report pygments CVE-2026-4539 until PyPI ships a fix — see DEPENDABOT_PYGMENTS_CVE.md and SECURITY.md. - Docs / PMO: PLANS_TODO.md Integration/WIP synced with
main; Band A order –1 cadence note to re-check blocked CVEs each pass. - Workflow:
scripts/pr-merge-when-green.ps1— ASCII punctuation in messages for Windows PowerShell 5.1 parse reliability. - Behaviour vs 1.6.5: Patch — security dependency floor + documentation; no intentional breaking API/config changes.
Changes since 1.6.5
- Band A (–1 / –1b) hygiene: requests bump, pygments triage doc, SECURITY (EN + pt-BR),
maintenance-check.ps1pointers. - Release version alignment 1.6.5 → 1.6.6 across packaging and operator-facing docs.
Bump type
| From | To | Rule (VERSIONING.md) |
|---|---|---|
| 1.6.5 | 1.6.6 | Build (patch) — same major/minor, +1 build |
How to get 1.6.6
- From source:
uv syncat1.6.6onmain. - Docker:
docker pull fabioleitao/data_boar:1.6.6(after Hub publish) or:latestif published from this tag.
Build and push Docker image
From repo root, on main at 1.6.6, after tests pass:
.\scripts\check-all.ps1
.\scripts\docker-lab-build.ps1
docker login
.\scripts\docker-hub-publish.ps1 -SkipBuildPublish (tag + GitHub Release)
After this version is on main:
git pull origin main
git tag v1.6.6
git push origin v1.6.6
gh release create v1.6.6 --notes-file docs/releases/1.6.6.md --title "1.6.6"After publish: verify
- GitHub: Release v1.6.6 and tag point to the intended commit.
- Docker Hub: Tags
1.6.6andlatest(if used) — quick smoke. - README (EN + pt-BR): “Current release” = 1.6.6.
- Maintenance:
.\scripts\maintenance-check.ps1;docker scout quickview fabioleitao/data_boar:1.6.6— base-image CVEs may remain no-fix until Debian/python:*-slimrefresh (document exceptions as needed).
Full Changelog: v1.6.5...v1.6.6
1.6.5
Release 1.6.5
Release date: 2026-03-01
Publish state: VERSIONING checklist below is applied in this repo; Git tag, GitHub Release, and Docker Hub happen after merge to main and operator commands in § Publish (not automatic from this commit alone).
Wabbix / reviewer alignment: Single product version string 1.6.5 across pyproject.toml, runtime metadata, fallback in core/about.py, man pages, deploy/Docker examples, and README “Current release” (see VERSIONING.md).
Highlights
- Notifications:
scripts/notify_webhook.pynow passesLocalDBManager(from configsqlite_path, same CWD semantics as the engine) so manual operator sends append tonotification_send_logwhennotifications.notify_audit_logis true; use--no-auditwhen no local DB (e.g. some CI). Unit test intests/test_notify.py. - Docs: USAGE (EN + pt-BR) updated for the above; PLAN_NOTIFICATIONS_OFFBAND_AND_SCAN_COMPLETE.md Phase 4.4 partial ✅.
- Behaviour vs 1.6.4: Additive / backward compatible — default notification and audit behaviour unchanged for operators who do not run the manual script; new audit rows only when the script runs with a reachable SQLite file.
Changes since 1.6.4
- Webhook manual script + audit wiring; documentation and plan sync.
- Version bump 1.6.4 → 1.6.5 across packaging, man pages, deploy examples, README (see merge checklist in git history).
1. Bump type
| From | To | Rule (see VERSIONING.md) |
|---|---|---|
| 1.6.4 | 1.6.5 | Build (patch) — same major/minor, +1 build. |
How to get 1.6.5
- From source:
uv syncorpip install -e .at1.6.5. - Docker (branded):
docker pull fabioleitao/data_boar:1.6.5(after publish; or:latestif you publishlatestfrom this tag).
Build and push Docker image
From repo root, on main at 1.6.5, after tests pass:
.\scripts\check-all.ps1
.\scripts\docker-lab-build.ps1
docker login
.\scripts\docker-hub-publish.ps1 -SkipBuildPublish (tag + GitHub Release)
After the version-bump PR is merged to main:
git pull origin main
git tag v1.6.5
git push origin v1.6.5
gh release create v1.6.5 --notes-file docs/releases/1.6.5.md --title "1.6.5"After publish: verify version coherence (Wabbix-friendly)
- GitHub: Release v1.6.5 shows notes; tag points to expected commit.
- Docker Hub: Tags
1.6.5andlatest(if used) — smokedocker run …and check/aboutor logs if needed. - README (both languages): “Current release” matches 1.6.5.
- Optional email to reviewers: One sentence: “Shipped v1.6.5; version string aligned across
pyproject.toml, README, deploy examples, and Hub perdocs/releases/1.6.5.md.”
After publish: maintenance
- Dependabot / Scout:
.\scripts\maintenance-check.ps1— triage as in 1.6.4.md § After publish. - Scout:
docker scout quickview fabioleitao/data_boar:1.6.5(or post-docker-hub-publish.ps1flow).
Full validation gate
.\scripts\check-all.ps1Last updated: 2026-03-01 (release notes for 1.6.5).
What's Changed
- docs(plans): PLANS_TODO dashboard celebrates 1.6.4 by @FabioLeitao in #108
- chore(deps): pycparser >=3.0 + setuptools >=82.0.1 (#106, #107) by @FabioLeitao in #109
- feat(cli) + docs: API --host and operator help sync by @FabioLeitao in #110
- docs(ops): homelab sprint, chord heuristics, markdown sweep, PR hygiene by @FabioLeitao in #111
- docs(ops): operator lab map, commit/PR batching, merge main by @FabioLeitao in #112
- docs: compliance split, M-ACCESS sprint guidance, operator/cursor sync by @FabioLeitao in #113
- docs: compliance split, M-ACCESS, operator notify (Signal/Twilio), plans sync by @FabioLeitao in #114
- Compliance docs + detection: entertainment ML cap + regression tests by @FabioLeitao in #115
- feat(richmedia): subtitles, magic bytes, plans and compliance docs by @FabioLeitao in #116
- Docs/compliance maccess and doc updates by @FabioLeitao in #117
- docs(workflow): re-apply commit scopes + chore(deps) (recover f65f26d) by @FabioLeitao in #118
- docs(workflow): collaboration onboarding + Cursor Ubuntu/AppArmor runbooks by @FabioLeitao in #119
- docs(ops): WRB (Wabbix Review Briefing) — guideline, pacote de envio e pt-BR by @FabioLeitao in #121
- feat(cli): export audit trail JSON and preserve audit spine semantics by @FabioLeitao in #120
- ci: pre-commit e job lint — markdown + pt-BR locale; regra docs-pt-br by @FabioLeitao in #122
- feat(report): phase 1 data-source inventory across connectors by @FabioLeitao in #123
Full Changelog: v1.6.4...v1.6.5